Google Git
Sign in
chromium / chromium / src / sandbox / e30d18b05bca7ea47f57edc642b214509ce51692
commite30d18b05bca7ea47f57edc642b214509ce51692[log] [tgz]
authorHui Yingst <nigi@chromium.org>Wed Nov 10 23:59:16 2021
committerCopybara-Service <copybara-worker@google.com>Thu Nov 11 00:14:11 2021
treed553e3460a977f2796f80d4374d5089427fa4d9e
parentcfac2fd3bcad20801246e96d7ab5327df5f71ab0 [diff]
Revert "Add Render Process Sandbox Policy feature tests"

This reverts commit cbbfffe534a0017c63f27229096289cb220937c6.

Reason for revert: suspect this CL has caused
RendererSandboxSettings/RendererFeatureSandboxWinTest.RendererGeneratedPolicyTest
to be flaky on multiple bots.

Bug: 1209051

Original change's description:
> Add Render Process Sandbox Policy feature tests
>
> This is primarily a Windows change, but some refactoring was necessary
> in order to make RendererSandboxedProcessLauncherDelegate usable in test
> code and this class exists on multiple flavors.
>
> Bug: 1266582
> Change-Id: Id9aefb3e3eed2e3e375c8f14e0e90127cb86fc3e
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3260947
> Reviewed-by: Will Harris <wfh@chromium.org>
> Reviewed-by: Jonathan Ross <jonross@chromium.org>
> Commit-Queue: Emily Andrews <emiled@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#940462}

TBR=jonross@chromium.org,wfh@chromium.org,chromium-scoped@luci-project-accounts.iam.gserviceaccount.com,emiled@microsoft.com

Change-Id: I1efbf754758da3eca26b888e3b473b09356a0e3e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 1266582
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3273699
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Olivia Yingst <huiyingst@google.com>
Reviewed-by: Yuki Yamada <yukiy@chromium.org>
Reviewed-by: Hui Yingst <nigi@chromium.org>
Owners-Override: Yuki Yamada <yukiy@chromium.org>
Commit-Queue: Olivia Yingst <huiyingst@google.com>
Cr-Commit-Position: refs/heads/main@{#940558}
NOKEYCHECK=True
GitOrigin-RevId: bcd1a8f73f3858472384a24c00b74c2922b0b9f4
7 files changed
tree: d553e3460a977f2796f80d4374d5089427fa4d9e
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.